CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-37834 – mm/vmscan: don't try to reclaim hwpoison folio
https://notcve.org/view.php?id=CVE-2025-37834
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at process virtual address 0x20ffd000 Memory failure: 0x18b00e: dirty swapcache page still referenced by 2 users Memory failure: 0x18b00e: recovery action for dirty swapcache page: Failed page: refcount:2 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x18b00e memcg:ffff0000dd6d9000 anon flags: 0x5ffffe00482011... • https://git.kernel.org/stable/c/1c9798bf8145a92abf45aa9d38a6406d9eb8bdf0 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-37833 – net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
https://notcve.org/view.php?id=CVE-2025-37833
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Fix niu_try_msix() to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or firmware. For each vector entry in the msix table, niu chips will cause a fatal trap if any registers in that entry are read before that entries' ENTRY_DATA register is written to. Testing indicates writ... • https://git.kernel.org/stable/c/7d5ec3d3612396dc6d4b76366d20ab9fc06f399f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-37830 – cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
https://notcve.org/view.php?id=CVE-2025-37830
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. Add NULL check after cpufreq_cpu_get_raw() to prevent this issue. In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_g... • https://git.kernel.org/stable/c/99d6bdf3387734d75e3e34e94a58b8a355b7a9c8 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37829 – cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()
https://notcve.org/view.php?id=CVE-2025-37829
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CP... • https://git.kernel.org/stable/c/343a8d17fa8d6dd97f408e8fedbcef12073f3774 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-37824 – tipc: fix NULL pointer dereference in tipc_mon_reinit_self()
https://notcve.org/view.php?id=CVE-2025-37824
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() syzbot reported: tipc: Node number set to 1055423674 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q... • https://git.kernel.org/stable/c/28845c28f842e9e55e75b2c116bff714bb039055 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37823 – net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
https://notcve.org/view.php?id=CVE-2025-37823
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer. In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-37819 – irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
https://notcve.org/view.php?id=CVE-2025-37819
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400... • https://git.kernel.org/stable/c/0644b3daca28dcb320373ae20069c269c9386304 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-37818 – LoongArch: Return NULL from huge_pte_offset() for invalid PMD
https://notcve.org/view.php?id=CVE-2025-37818
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Return NULL from huge_pte_offset() for invalid PMD LoongArch's huge_pte_offset() currently returns a pointer to a PMD slot even if the underlying entry points to invalid_pte_table (indicating no mapping). Callers like smaps_hugetlb_range() fetch this invalid entry value (the address of invalid_pte_table) via this pointer. The generic is_swap_pte() check then incorrectly identifies this address as a swap entry on LoongArch, becaus... • https://git.kernel.org/stable/c/34256805720993e37adf6127371a1265aea8376a •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37817 – mcb: fix a double free bug in chameleon_parse_gdd()
https://notcve.org/view.php?id=CVE-2025-37817
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be released in mcb_device_register() via put_device(). Thus, goto 'err' label and free 'mdev' again causes a double free. Just return if mcb_device_register() fails. In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_de... • https://git.kernel.org/stable/c/3764e82e5150d87b205c10cd78a9c9ab86fbfa51 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-37812 – usb: cdns3: Fix deadlock when using NCM gadget
https://notcve.org/view.php?id=CVE-2025-37812
08 May 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget"). Under PREEMPT_RT the deadlock can be readily triggered by heavy network traffic, for example using "iperf --bidir" over NCM ethernet link. The deadlock occurs because the threaded interrupt handler gets preempted by a softirq, but both are protected by ... • https://git.kernel.org/stable/c/7733f6c32e36ff9d7adadf40001039bf219b1cbe •